We just released our latest edition of PERCEPTION, our cyber threat intelligence briefing for the financial services sector edited by Dr Graham Shaw. This contains informative, relevant and timely information about the cyber threat landscape for financial institutions, current threat actors and recent activities, and is designed to help you address the cyber risks faced by your organization.
This quarter, we are continuing to see increasingly sophisticated operations from cybercrime organizations, as well as increasingly sophisticated security tools to answer these threats. Here are our key takeaways:
- Notable cyber activity within financial services: We saw a number of high-profile attacks and developing trends at the start of 2019 and in 2018. These included a discovery from a security researcher that the State Bank of India (SBI), India’s largest bank, had failed to secure a server which was part of their text-messaging platform, allowing the researcher to read all messages sent and received by the bank’s ‘SBI quick’ enquiry service. In addition, Kaspersky published a detailed examination of intrusions into at least eight banks across Eastern Europe in which the attackers used an unknown device connected to the company’s local network with remote access through a mobile network connection to reach machines used for making payments.
- The continuing activity of the Carbanak Organized Crime Gang: Despite the arrest of suspected leader Denis K, the notorious Carbanak gang continues to launch attacks against banks. Throughout the last few months of 2018, attacks on financial organizations using recognized Carbanak TTPs (tactics, techniques and procedures) and infrastructure continued to be reported, for example against Russian and Romanian banks in August 2018.
- Benefits and challenges of deploying TLS 1.3: Transport Layer Security, otherwise known as TLS or SSL, has historically been a tricky protocol to properly manage and secure. Most organizations will have, at some point in time, received a penetration test report containing a litany of issues regarding protocol version support, insecure cipher suites, missing security extensions, deprecated hash functions, and so forth. These issues can be difficult to navigate due to the inherently terse nature of cryptography, the depth of historical reasoning that went into the TLS protocol design, and the diversity of implementations. It should come as a relief, then, that TLS 1.3 brings with it a new design mindset where (comparative) simplicity is seen as one of the cornerstones of secure protocol design. In our full PERCEPTION report, we dive into the history of TLS, how TLS 1.3 differs from previous versions, and how to deploy it.
- Ethereum Classic (ETC) 51% Attack: On January 7th 2019, Ethereum Classic (ETC) suffered a “51% attack” involving multiple double spends totalling 219,500 ETC (~$1.1M at the time of the detection). One exchange declared losses of 40,000 ETC and has promised to refund all impacted users. In our full PERCEPTION report, we explain how a 51% attack works, and how it could impact other cryptocurrencies in the future.
- Authoritative DNS Security: A recent set of attacks against DNS integrity has highlighted the importance of securing DNS infrastructure. DNS underpins almost all internet communications, and is fundamental to being able to establish trusted and secure connections between devices. By tampering with information contained within the DNS system, it is possible for attackers to masquerade as an organization, present valid TLS certificates and man-in-the-middle connections to obtain sensitive information. In our full PERCEPTION report, we do a deep dive into how DNS works, how attackers have been manipulating DNS infrastructure, and how organizations can protect themselves against these attacks.
To learn more about all of these topics, you can download the full Q1 2019 PERCEPTION Report here.
In addition, customized cyber threat reports are available on a regular subscription from Nettitude. They include focused areas on your organization’s attack surface as well as specific information on the threat actors that may be targeting you.